Suspected "bot" Activity email from Comcast

I have now received two worthless emails from Comcast, that say I have suspected bot activity from one of my computers, that give no information about what that activity is.
I have many devices that are in constant communictaion with servers such as TiVos, VOIP telephone systems, a smart TV, iPAD, Motorola XOOM, smartphone, Kindle, etc. I have reserved IP addresses for 42 devices although many are turned off most of the time. My operating systems are up to date. I assume that Norton Security keeps itself up to date. The older operating systems use Microsoft Security Essentials instead of Norton because I suspect Comcast would be unhappy if I put Norton on 10 computers.
I assume that all of the communications from my IP address to various servers is what they are detecting as "bot" activity.
If that is not the case how do I get Comcast to provide some actual activity data instead of a worthless email?

All this started when I got a new IP address from Comcast last week. I'm wondering if they have the wrong IP reporting the bot. I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow. All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.

All this started when I got a new IP address from Comcast last week. I'm wondering if they have the wrong IP reporting the bot. I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow. All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.

I do not have constant guard installed and I got two emails so far.

I do have Norton Security Suite 6.3.0.14 installed.

The time given is

2012-09-02 06:24:54 Local Time

They don't even know how to display time. That could be AM or PM. 24 hour time should not have colons ( between the numbers.

The alert message came at 2:05 PM on 9/2 so I guess it has to be an AM time. My main computer would not be turned on at that time of the morning.

Re: Suspected "bot" Activity email from Comcast

gdio53 wrote: ... Constant Guard ... Do we need to have it installed to get the emails? ...

No. Comcast unwisely chose to use the name "Constant Guard" to refer to two different things: software that runs on your computer, and a separate system that runs on Comcast servers and monitors customer modem traffic looking for "bot-like activity". The emails come from that second "Constant Guard" system.

Are you also aware that Norton Security Suite is branded Constant Guard fro Xfinity? Comcast is super ate up with their Constant Guard this and that and supposedly all things pertaining to security put out by Comcast, or is it Xfinity now (?) is brandeed Constant Guard.

The orignial Constant Guard pertained to the Bot detection and notifications and can not be opt out of - just something folks have to live with. I do believe it is a good program and something an ISP should provide.

Then Comcast (Xfinity) decided that they would take programs from other companies and make a "Constant Guard Protection Suite" which in most cases duplicates the Norton Security Suite which they then decided to brand as Constant Guard from Xfinity in large letters with a small Norton Security Suite label in the upper left hand corner of the main page.

Actually, it is all one big confusing situation and IMHO Comcast (Xfinity) would have been far better off trying to be a very good ISP, rather than trying to provide a protection suite when they already had a security program with Norton.

End of my rant!

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Re: Suspected "bot" Activity email from Comcast

Do any of those who have posted in this thread with the same problem have Apple computers?

Based on the times given by the bot check website it is happening when my MacBook Air running the Mountain Lion operating system is in use. The only recent program on that machine is the Vienna RSS reader which goes out and reads six RSS feeds when the program is started.

Re: Suspected "bot" Activity email from Comcast

I called Comcast Security and talked to them for 15-20 minutes. Explained all the scans I did, how my router is locked down, etc. He had no recommendations and said my network was as secure as it could be.

I also told them that I recently received a new IP address and the bot activity emails started about the same time. He said that the server that monitors bot activity isn't up to date and doesn't report in real time.

I cloned another MAC address into my router, reset the modem, and received a new IP; checked the Am I Botted site and it shows the new IP is clear. I'll check over the next few days to make sure it stays clean; if it does, then it was a false positive based on the new IP address.

Re: Suspected "bot" Activity email from Comcast

I just got off the phone with comcast, activating my new modem. I started having connectivity problems a bit more frequently and comcast had stated months ago that it could be my modem. Maybe. The thing was almost 10 years old.

Anyway, right after that, I got the "you may have a bot" email. I'm running an imac, a macbook, ipad, and a dell. I have comcast's Norton.

Anybody think I should be concerned? The "Constant Guard" comcast is touting, is it free like Norton?

Re: Suspected "bot" Activity email from Comcast

I got the same email from them on the bot and when they told be the date and time I just laughed. We were out of town, all the computers and the modem were powered OFF. The only thing I was using was my iPad and that was through another secure service on the east coast. Go figure. Being on a Mac, I couldn't complete the steps they told me as the software is not compatable with my OS.

Re: Suspected "bot" Activity email from Comcast

Received one of those e-mails Saturday. I use Linux here - which can't be infected by bots.

I suspect the traffic it seems to be detecting is coming from individual web sites and pop-ups/unders, not the computer, plus the time it said activity was 'detected', all of my computers and smartphones were powered off for the evening.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

After shutting down several networked devices and thoroughly scanning all Windows PC with multiple antivirus and antimalware products (nothing found), amibotted continues to show activity. I also have Trend Micros RUBOTTED software installed showing no activity since Thursday. The last two detection times on amibotted correspond to when I turned an xbox 360 on.

Given the reports on this forum, and similar reports at http://www.bleepingcomputer.com/forums/t/547159/constant-guard-reporting-bots/ I suspect that Comcast did some recent upgrade with their network security bot detection services and many of us are getting hit with false positives. The other possibility is a very subtle, very wide spread set of bots that have gone undetected for a long time are are just now being detected.

Re: Suspected "bot" Activity email from Comcast

I too got the email on Saturday about being botted it must be the day they send those out.

Either way long story short I scanned with about 6-8 different scanners.

Microsoft Security Essentials was the only one that actually found the TDSS Alueron.M on my system and removed it. This sucker can hide! I did also manually look on the computer and found non of the typical entries that comes with the virus, not even sure when it ran because there was no processes for it running, also replaced Host file as well.

I am botted showed clean this morning fingers crossed that when I get home tonight it's still the case.

Running MSE agian tonight just to be sure. FULL SCAN was the only one that worked for me.

Strange how this got past my Norton..must be time for new security if I can't rely on norton to catch this stuff.

Certain internet pages would not function with "enable javacript" unchecked.

Probable reason for Bot warning; comcast changed security suites in january 2015, and failed to notify customers, resulting in "bots" passing thru the system without being recognized or quarantined.

A comcast customer for 16 years, I know they often make system changes without notice.

A recent example; fall of 2014 they went to a new email protocol without warning; it took 4 days of wasted calls to comcast tech (well over 5 hours total) as one tech after another danced me thru smtp changes, that would work before the call was terminated, and fail a short time later (15 to 30 minutes)

On the evening of day 4....the connection failed. I was in no mood to deal with comcast terrible tech service.

In the morning the system worked perfectly, without calling them and there have been no issues since then.

I'm certain this "bot issue" is a similar situation.

sacramento california; in this area, comcast seems to have a legal monopoly for internet speed.